ODP-81-1093
19 August 1981 


MEMORANDUM FOR: Chairman, Publications Review Board 


THROUGH : Chief, Systems Programming Division 
Deputy Director for Processing, ODP
Director of Data Processing 
Deputy Director for Administration 


FROM 
Systems Programming Division, ODP 
SUBJECT : Request to Give a Presentation 
1. I request permission to give a presentation describing how computer
access controls may be applied to different types of systems.


2. When approved, I intend to speak at the [ss Conference in
[ ___] during the week of August 23rd. The audience is expected
to be comprised of about 400 persons from the United States and Canada 
representing organizations running similar computer systems. 


3. None of the material to be presented is classified or controversial. I
will discuss the technical aspects of adapting a well-known computer software 
package that is used with batch-oriented computing system resources to 
control access to timesharing systems. The problems that would be 
encountered during such an effort will be described in detail. 


4. I am not under cover and will be identified as an Agency employee.
I will also give the standard disclaimer that the views expressed are my own
and not necessarily those of the Agency. 


/signed/ 
SUBJECT: Request to Give a Presentation


STAT AUTHOR'S NAME: [oo 


TITLE OF PRESENTATION: VM Security Needs and Concerns 


I have reviewed the outline in paragraph 3 of this request, to the best
of my knowledge have found it to be unclassified, and approve it for 
presentation. 


/s/ Bruce T. Johnson          /s/ William N. Hart
Bruce T. Johnson, D/ODP       fora E. Fitzwater, DDA
21 AUG                        21 AUG
Date                          Date
STAT ODP/P/SPD/ISB{____________J08-19-81/PRBREQ9 
Distribution: 


Original - addressee
9 - Chronos
2 - DDA
ACF2 Support in a VM Environment
Enhanced Support for Batch Services

I — Optimally Offer the Full ACF Command in VM/CMS
1 Use Service Virtual Machine for Data Base Access
2 Use Virtual Machine Communication Facility VMCF
3 Implies Common Data Base and Logonids

II — Provide Access to Sequential Backup Copy of ACF2 Data
1 Allow Rule Test and Development
2 Create A Batch Job to Update Data Base via RSCS
3 Implies Common Data Backup and Logonids
4 Eliminates Service Virtual, but can Expose Rules

III — Provide Interactive Job Submission Facility
1 Simulates TSO Commands but Builds Batch Jobs via RSCS
2 Requires Networking or Enhanced VM RSCS
3 Slowest Least Desirable Implementation
4 Eliminates Service Virtual, no DASD Sharing

ACF2 Support in a VM Environment
Support for VM — Logon and CMS Disks

I — Optimally Offer the Full ACF Support in VM/CMS
1 Use Service Virtual Machine for Data Base Access
2 Use Virtual Machine Communication Facility VMCF
3 Implies Common Data Base and Logonids
4 Replaces Logon, Link and Access

II — Requires Changes to CP, in Addition to CMS
1 Will Require Significant Changes to Startup Processing
2 Could be Patterned After Cornell Mini Disk Manager
3 Could be Implemented to Only Replace Link and Access
4 Reduces System Overhead, and Simplifies Startup

ACF2 Support in a VM Environment
Support for VM Access to OS Disks

I — Optimally Offer the Full ACF Support in VM/CMS
1 Use Service Virtual Machine for Data Base Access
2 Use Virtual Machine Communication Facility VMCF
3 Implies Common Data Base and Logonids
4 Implies Very High Overhead — Every SIO

II — Provide Access to OS Disks but Limit Use and Position
1 Allow Access on Volume Basis
2 Allow Access but Limit Data Sets to Cylinders
3 Restrict Data Set Types and Force Single Volume
4 Reduces System Overhead, but Limits Coverage

VM/ACF2 IN AN MVS ENVIRONMENT

I — Introduction
1 Introduce self
2 Agency disclaimer

II — Environment description
1 Ruffing Center
2 Each machine
3 Workload demographics

III — ACF2 Support in a VM Environment
1 Enhanced Support for Batch Services
2 Support for VM Access to OS Disks
3 Support for VM — Logon and CMS Disks

ACF2 USER EXPERIENCE

Central Intelligence Agency
Washington, DC 20505

Foil 1

Unclassified

Installation History

May 1980        ACF2 used to validate accounting data
                required local modification to JES3 - user exit 29

January 1981    ACF2 used for access controls
                modification to VM/SP RSCS to supply JOBFROM
                information, and JES3 to accept JOBFROM information

March 1981      ACF2 selective abort mode by office

June 1981       ACF2 inhouse user training
                developed execs to interface VM users to ACF2 through
                batch, LISTRULE, TESTRULE, COMPRULE, and STORRULE

August 1981     ACF2/TMS automatic foreign tape protection

Current Systems

- Central timesharing on a 3033MP running VM
- Special application on a dedicated 158UP running VM
- Prototype database system on 4331-1s running VM
2033 class
- Eight mainframes running MVS/JES3
ure batch/backu
- 3033UP - DATABASE (GIMS)
- 168 - ONLINE TP information retrieval
(GIMS) standalone JES3 GLOBAL
- batch - backup GLOBAL
- ONLINES-GICS, JES3 GLOBAL.

- MVS represents four-fifths of aggregate computing power


fou 3 
- production job submission using protected logonids 9/12/81

- ACFLIBUP, ACFSUBIT service routines, new JES3 disk rdr mod 
- enforcement of dataset naming conventions for new data 9/12/81 
- develop VS1 capability under VM 

- convert TMS catalog to proper dataset names 12/1/81 


- develop auditing techniques for security officers 